SPF records fail because of CNAME to railway domain
Hi, I have a website hosted at Railway via CNAME (as is the only option provided). Now I realized that it is not possible to have CNAME and at the same time have SPF TXT records for the same domain. SPF checks for emails fail because of this. Are there any workarounds?
Thank you in advance 🙂
21 Replies
Project ID:
N/AN/A
This should be possible. What DNS provider are you using?
Sorry for the late reply. I'm using Namecheap. My SPF records are not working.
Are you using Namecheap's "Web Hosting DNS" (do you have cPanel?)
Yeah I use the "Advanced DNS"
EasyDMARC
How to Add SPF Record in Namecheap
An SPF protocol can increase your trustworthiness in receiving email servers. Here is a step-by-step guide on how to add your SPF record in Namecheap.
I have no issue adding SPF record, I have done that and it worked before I attached the CNAME record to Railway. However, the DNS spec states that, "if a CNAME record is present, no other data should be present" (https://serverfault.com/questions/834320/adding-both-cname-and-txt-dns-records-for-one-subdomain).
Because of this, my emails fail the SPF check while the CNAME is active.
Server Fault
Adding both CNAME and TXT DNS records for one subdomain
I have a Heroku app and I need to set up a domain for it. The common way to set it up is to use CNAME record to specify that this domain is an alias to <your-domain-name>.herokuapp.com. The t...
Try changing your CNAME to an ALIAS Record (ANAME): https://www.namecheap.com/support/knowledgebase/article.aspx/10128/2237/how-to-create-an-alias-record/
You'll need to delete the CNAME record first
@dane.stevens Maybe, but I'm a bit hesitant since @Brody answered like this when asked the same question:
ANAME is essentially a CNAME without the restrictions: https://dnsmadeeasy.com/post/what-is-an-aname-record
What is an ANAME Record? - DNS Made Easy Blog
ANAME record is a record that performs like a CNAME record but can be pointed at the root of a domain. Example: A record that’s been morphed into a CNAME.
you can always set up a second domain on railway, and point an ANAME to that to test it
What could be disadvantages of using ALIAS record then? If @Brody answered like that, must be some disadvantage no?
It's possible railway is checking specifically for CNAME and doesn't support ANAME. If they don't, you may want to re-point your NS servers to cloudflare (Cloudflare does something called CNAME flattening which negates this issue)
Using Cloudflare NS is definately a possibility. So CNAME flattening makes other DNS records (such as SPF records) work?
Yeah, it basically masks the CNAME as an A record
But if it masks the CNAME record will Railway still find that record then?
Yes
Okay. Will test and see if it works.
@dane.stevens Actually tried the ALIAS record method first (as it was easiest to test), and everything seems to be working very fine. Both Railway domain and SPF-records works perfectly according to my testing. Will stick with that, @Brody please intervene if me and @dane.stevens missed something about why ALIAS might be suboptimal. Thanks for your help @dane.stevens 😄